From cef30893ecc7aa7b6cdcef0092b5ba4245af20a2 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 3 May 2010 15:15:43 -0400 Subject: client installation fixes: nscd, sssd min version, bogus join error - Don't run nscd if using sssd, the caching of nscd conflicts with sssd - Set the minimum version of sssd to 1.1.1 to pick up needed hbac fixes - only try to read the file configuration if the server isn't passed in --- ipa-client/ipa-install/ipa-client-install | 32 +++++++++++++++++++++---------- ipa-client/ipa-join.c | 2 +- ipa.spec.in | 7 +++++-- 3 files changed, 28 insertions(+), 13 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 5dbeee4b1..0be4a4c3e 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -127,7 +127,7 @@ def uninstall(options): run(["/usr/bin/ipa-getcert", "stop-tracking", "-d", "/etc/pki/nssdb", "-n", "Server-Cert"]) except Exception, e: print "Failed to stop tracking Server-Cert in certmonger: %s" % str(e) - + try: run(["/sbin/service", "certmonger", "stop"]) except: @@ -160,6 +160,11 @@ def uninstall(options): except: print "Failed to restart start the NSCD daemon" + try: + run(["/sbin/chkconfig", "nscd", "on"]) + except: + print "Failed to configure automatic startup of the NSCD daemon" + if not options.unattended: print "The original nsswitch.conf configuration has been restored." print "You may need to restart services or reboot the machine." @@ -575,7 +580,7 @@ def main(): return 1 #Modify pam to add pam_krb5 - run(["/usr/sbin/authconfig", "--enablekrb5", "--update"]) + run(["/usr/sbin/authconfig", "--enablekrb5", "--update", "--nostart"]) print "Kerberos 5 enabled" if options.conf_ntp and not options.on_master: @@ -586,20 +591,27 @@ def main(): ipaclient.ntpconf.config_ntp(ntp_server, fstore) print "NTP enabled" - #Activate Name Server Caching Daemon + if options.sssd: + nscd_action = "stop" + nscd_status = "off" + else: + nscd_action = "restart" + nscd_status = "on" + + #Name Server Caching Daemon. Disable for SSSD, use otherwise try: - run(["/sbin/service", "nscd", "restart"]) + run(["/sbin/service", "nscd", nscd_action]) except: - print "Failed to start the NSCD daemon" - print "Caching of users/groups will not be available" - pass + print "Failed to %s the NSCD daemon" % nscd_action + if not options.sssd: + print "Caching of users/groups will not be available" try: - run(["/sbin/chkconfig", "nscd", "on"]) + run(["/sbin/chkconfig", "nscd", nscd_status]) except: print "Failed to configure automatic startup of the NSCD daemon" - print "Caching of users/groups will not be available after reboot" - pass + if not options.sssd: + print "Caching of users/groups will not be available after reboot" print "Client configuration complete." diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c index 094bc948e..16d8604e7 100644 --- a/ipa-client/ipa-join.c +++ b/ipa-client/ipa-join.c @@ -596,10 +596,10 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k krb5_principal uprinc = NULL; krb5_error_code krberr; - conf_data = read_config_file(IPA_CONFIG); if (server) { ipaserver = strdup(server); } else if ((ipaserver = getIPAserver(conf_data)) == NULL) { + conf_data = read_config_file(IPA_CONFIG); fprintf(stderr, "Unable to determine IPA server from %s\n", IPA_CONFIG); exit(1); } diff --git a/ipa.spec.in b/ipa.spec.in index f42b67b6d..e76b3582c 100644 --- a/ipa.spec.in +++ b/ipa.spec.in @@ -141,7 +141,7 @@ Requires: nss_ldap Requires: wget Requires: xmlrpc-c Requires: libcurl -Requires: sssd +Requires: sssd >= 1.1.1 Requires: certmonger %description client @@ -497,7 +497,10 @@ fi %endif %changelog -* Thu Mar 4 2010 Rob Crittenden - 1.99-19 +* Mon Apr 26 2010 Rob Crittenden - 1.99-20 +- Set minimum level of sssd to 1.1.1 to pull in required hbac fixes. + +* Thu Mar 4 2010 Rob Crittenden - 1.99-19 - No need to create /var/log/ipa_error.log since we aren't using TurboGears any more. -- cgit